Is it possible to read/write a file at privilege?

---

• From: dodol <Dolka1@xxxxxxxxx>
• Date: Sat, 14 Jul 2007 10:29:20 -0700

---

hello.

I saw some systems which were hacked by sql injection tool
And some files of the systems were changed. I guess the tool tried to
read/write files.
howerver, the user privilege is not 'sa'. Is it possible for user who
is not 'sa' to read/write files?

If it is possible, how can I prevent the tools from reading/writing
files even if my web page is injectable?

.

---

• Follow-Ups:
  • Re: Is it possible to read/write a file at privilege?
    • From: Erland Sommarskog

• Prev by Date: Re: Is it possible to create a custom SQL session function/variable
• Next by Date: Re: How can I see what permissions "VIEW SERVER STATE" has?
• Previous by thread: Re: Is it possible to create a custom SQL session function/variable
• Next by thread: Re: Is it possible to read/write a file at privilege?
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2007-07